HELP, I've got "about blank" and can't do a thing with it!!!

I need help in the worst way, and I have a problem with my pc as well (he!
he!).

Seriously I have the about blank problem and have tried everything from
Ad-aware to spybot to cwshredder. I've asked everyone I know in person and on
the net and nothing seems to work, too get rid of this, THING!

Basically I'm at the end of my rope because this thing is really affecting
my business now, so if anyone can help it would be greatly appreciated!!!

Thank you
--
tjamestx

--
tjamestx

Crouchie1998

07-09-2005, 10:49 PM

Does sound like you have a Denial Of Service (DOS) attack

Also, search for your 'hosts' file (C:\WINNT\system32\drivers\etc)

Open the 'hosts' file in notepad & check to see if there are more than one
entry after the '#' (hashes). There should normally be just:

127.0.0.1 localhost.

Delete any others there if they exist

Save & close the 'hosts' file & then close the directory

------------------------------------

Also, without knowing which about blank adware, it will be difficult to
remove it

In Spybot Advanced mode:

Click the TOOLS strip, click 'BHO's' & delete all except the ones that don't
have a green tick by them

Click 'Startup' & delete any suspicious entries, as I guess its running on
startup. You can also remove the unwanted programs not needed on startup
here too

Now, switch to the 'Browser Pages' & see if you have all the correct
homepage/search pages. This is where your 'About Blank' will be showing.
Change as necessary.

1) The 'hosts' in C:\windows\system32\drivers\etc (I don't have a WINNT
directory, thought that might be becuase I'm running XP?). Is not named
'hosts' it's named '1.hosts'. don't know if that matters? Anyway, it had
numerious listings, none of which said localhost. So, I deleted all and type
in '127.0.0.1 localhost'

2) Spybot Advancxed Mode. There were two entries, one with and one without a
green tick. Deleted the one without.

3) Startup, deleted anything that looked suspicious to me...

4)Browser Pages, there were three 'about.blank' entries along with several
others I did not recognize so, I changed them all to 'google.com'.

5) Uninstall Programs was basically like Startup, deleted all that looked
suspicious to me...

Restarted my pc and opened IE and about.blank was still there. I went back
in Spybot Advanced/tools/BHOs and noticed the entry I deleted was back. Also,
in System Startup one entry was back 'HK_LM:Run ipto32.exe
C:\WINDOWS\ipto32.exe

Retied everthing again, same result...

--
tjamestx

"Crouchie1998" wrote:

> Does sound like you have a Denial Of Service (DOS) attack
>
> Also, search for your 'hosts' file (C:\WINNT\system32\drivers\etc)
>
> Open the 'hosts' file in notepad & check to see if there are more than one
> entry after the '#' (hashes). There should normally be just:
>
> 127.0.0.1 localhost.
>
> Delete any others there if they exist
>
> Save & close the 'hosts' file & then close the directory
>
> ------------------------------------
>
> Also, without knowing which about blank adware, it will be difficult to
> remove it
>
> In Spybot Advanced mode:
>
> Click the TOOLS strip, click 'BHO's' & delete all except the ones that don't
> have a green tick by them
>
> Click 'Startup' & delete any suspicious entries, as I guess its running on
> startup. You can also remove the unwanted programs not needed on startup
> here too
>
> Now, switch to the 'Browser Pages' & see if you have all the correct
> homepage/search pages. This is where your 'About Blank' will be showing.
> Change as necessary.
>
> Lastly (for now), go to the 'Uninstall Programs' & check for suspect
> programs here too.
>
> Once you've have done the above, post back & let us know the results
>
> Crouchie1998
> BA (HONS) MCP MCSE
>
>
>

What's in a Name?

07-09-2005, 10:49 PM

Start by backing up all important files to removable media.
Go here and follow all instructions.
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Post back with results
-max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
You can find my e-mail address on my pages.

Crouchie1998

07-09-2005, 10:49 PM

Ok. The Ipto.exe file you mentioned will probably be listed when you press
ALT CTRL DEL | Task Manager | Processes. If so, highlight it & then END TASK
it

Next. Delete the ipto.exe file from your Windows directory, as this is the
file causing you the problems then you can remove it from startup etc. like
you did before with SPYBOT.

Another thing you could do instead of deleting the ipto.exe file straight
away is to zip it up, rename it to submission.zip & send it to
AVSubmit@symantec.com with the startup name you had in the run key & that
you found it in your Windows directory... & Symantec will create a virus
definition agaist it. Once you sent it then you can delete the ipto.exe file
& the zip

If you really wanted to do it you could also send it to SPYBOT: Here's the
link:

http://www.spybot.info/en/contact/detections.html

Obviously, the report file is the file SPYBOT produces, but you can send the
submission.zip to them too with a brief explanation... They will then
produce a definition agains it, but in the next month whereas, Symantec will
be the same day.